02/06/2018
- Dropped support for 4.05 (no reason to stay there, exploit for 4.55 was much more stable if you still don't want to update to 5.05).
- Added support for 5.05.
- If you are updating from my previous Pi Xploit Host version, you will need to edit the .htaccess file as it's been changed to support auto redirection to your FW version exploits menu. Follow the manual.
- If you are updating from my previous Pi Xploit Host version, you may want to delete unused stuff in html directory, all the files related to the PiXploitHost are now placed in the PiXploitHost subdirectory.
31/03/2018
- New icons, no more skulls for every option :)
- Removed update blocker for 4.05. Not needed, xvortex hen does it.
26/03/2018
- Added Stooged's AppToUSB payloads. If you don't want to do all the process again, just copy the AppToUSB directories from the "ps4/exploits/4xx" subdirectories, "ps4/index.html" file, and "js" and "css" directories. Overwrite when prompted.
14/03/2018
- Updated xvortex 4.55 submodules
- Added specter exploit back so you can send bin payloads if not included in PiXploitHost (don't have much time to test new released stuff).
- Added PHP binary payload sender. You can connect to your Raspberry Pi web server from your smart phone and send the selected payload to the PS4 after loading Specter exploit in PS4 browser / user guide.
- For the PHP binary payload sender you need to install PHP in your Raspberry Pi. Check PHP installation step in the guide. This is optional, only needed if you want to use the binary payload sender.
- After you finish the exploit host installation, you need to edit the config.php file in the /var/www/html/PiXploitHost/ps4/payload_sender/ directory, with your PS4 IP (you need to set it up with a static IP for this to work).
nano /var/www/html/PiXploitHost/ps4/payload_sender/config.php
- You need to place the binary payload files in /var/www/html/PiXploitHost/ps4/payload_sender/bin_payloads/ directory. To do so you can use a SFTP client like WinSCP (https://winscp.net) or any other. Login to your Pi with the pi user and password, browse to that folder and upload the bin files.
- To access the PHP payload sender from your smart phone, just browse to http://YOUR_RASPBERRY_PI_IP/PiXploitHost/ps4/payload_sender/
06/03/2018
- 4.55 support
How to upgrade from previous version
To upgrade from previous version, just follow the guide from the "Clone the repo and exploit submodules" subsection in the "Cloning PiXploitHost repository" section. Then follow the guide to edit the .htaccess file and reboot Apache. That's it.
Please note, the "install" script will delete all contents in /var/www/html/ directory, so if you are hosting anything else in there, make sure to back it up first, or modify the script to meet your needs.
19/02/2018
- 4.05 support
Use your Raspberry Pi (any model) to host console exploits and protect the consoles against undesired FW upgrades.
All this is made on a Pi with Raspbian Jessie with static IP address on local network. Instead of setting a static IP address on your Pi, you can add a static lease in your router. Both are fine, you just need the Pi to have the same IP all the time.
I wrote the guide after I set it all up on an already configured Raspbian Jessie based home server; hopefully I didn't forget any step or miss installing any needed package. Report any error, and I will double check.
Please note I'm using the user pi by default. Probably not the best idea since it can be sudoed, so feel free to modify this yourself if logging in with another user. I'm not exposing any services to the internet, so it should be fine tho.
All commands are run from terminal.
This is WIP... only PS4 exploits added for now.
Install DNSmasq DNS server:
sudo apt-get install dnsmasq
Add forged DNS entries in config file:
sudo nano /etc/dnsmasq.conf
Add the following lines to the end of the file (replace YOUR_RASPBERRY_PI_STATIC_IP with your RPi static IP address):
# Wii U Update Blocker
address=/nus.cdn.shop.wii.com/127.0.0.1
address=/nus.cdn.wup.shop.nintendo.net/127.0.0.1
address=/nus.wup.shop.nintendo.net/127.0.0.1
address=/nus.c.shop.nintendowifi.net/127.0.0.1
# PS4 Update Blocker
address=/manuals.playstation.net/YOUR_RASPBERRY_PI_STATIC_IP
address=/.net.playstation.net/YOUR_RASPBERRY_PI_STATIC_IP
address=/.ps4.update.playstation.net/YOUR_RASPBERRY_PI_STATIC_IP
address=/gs2.ww.prod.dl.playstation.net/YOUR_RASPBERRY_PI_STATIC_IP
address=/.207.net/127.0.0.1
address=/.akadns.net/127.0.0.1
address=/.akamai.net/127.0.0.1
address=/.akamaiedge.net/127.0.0.1
address=/.cddbp.net/127.0.0.1
address=/.ea.com/127.0.0.1
address=/.edgekey.net/127.0.0.1
address=/.edgesuite.net/127.0.0.1
address=/.llnwd.net/127.0.0.1
address=/.playstation.com/127.0.0.1
address=/.playstation.net/127.0.0.1
address=/.playstation.org/127.0.0.1
address=/.ribob01.net/127.0.0.1
address=/.sbdnpd.com/127.0.0.1
address=/.scea.com/127.0.0.1
address=/.sonyentertainmentnetwork.com/127.0.0.1
Hit Control X to exit nano, followed by Y + enter to save the file.
Restart the service with the following command:
sudo service dnsmasq restart
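Check that it is working properly. If you ping any of the above domains, the result should be the IP we added to the conf file, while a domain that is not in the list (www.google.com below) should still resolve to its real address. Make sure it works!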
ping www.google.com
PING www.google.com (172.217.19.132) 56(84) bytes of data.
64 bytes from par03s12-in-f132.1e100.net (172.217.19.132): icmp_seq=1 ttl=53 time=18.9 ms
ping manuals.playstation.net
PING manuals.playstation.net (YOUR_RASPBERRY_PI_STATIC_IP) 56(84) bytes of data.
64 bytes from YOUR_RASPBERRY_PI_STATIC_IP: icmp_seq=1 ttl=64 time=0.065 ms
ping www.sonyentertainmentnetwork.com
PING www.sonyentertainmentnetwork.com (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.061 ms
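To know what each name should return before pinging it, the following added example (not part of PiXploitHost) evaluates address= lines the way dnsmasq is documented to: a rule covers the domain and all its subdomains, and the most specific matching rule wins, which is why manuals.playstation.net reaches the Pi even though .playstation.net is sent to 127.0.0.1. The sample rules, the 192.0.2.10 stand-in for the Pi address, the function name resolve_rule and the treatment of a leading dot as equivalent to none are assumptions.

```shell
#!/bin/sh
# Added example: predict which address= rule dnsmasq applies to a hostname.

# Constructed sample: a subset of the rules above. 192.0.2.10 is a
# documentation address standing in for YOUR_RASPBERRY_PI_STATIC_IP.
SAMPLE_RULES='# PS4 Update Blocker
address=/manuals.playstation.net/192.0.2.10
address=/.ps4.update.playstation.net/192.0.2.10
address=/.playstation.net/127.0.0.1
address=/.akamai.net/127.0.0.1'

# resolve_rule NAME [RULES]
# Prints the IP of the most specific matching address= rule, or "upstream"
# when no rule matches and the query would be forwarded to the real DNS.
resolve_rule() {
    printf '%s\n' "${2:-$SAMPLE_RULES}" | awk -F/ -v name="$1" '
        BEGIN { name = tolower(name); sub(/\.$/, "", name) }
        /^address=\// {
            dom = tolower($2); ip = $3
            sub(/^\./, "", dom)   # assumption: leading dot is equivalent to none
            n = length(name); d = length(dom)
            # match the domain itself or a subdomain, on a label boundary only
            hit = (name == dom) || (n > d && substr(name, n - d) == "." dom)
            # the longest matching domain is the most specific rule
            if (hit && d > best) { best = d; answer = ip }
        }
        END { print (answer == "" ? "upstream" : answer) }'
}

# Stand-alone run: show the expected answer for a few names.
for host in manuals.playstation.net www.playstation.net www.google.com; do
    printf '%-28s -> %s\n' "$host" "$(resolve_rule "$host")"
done
```

Pass the contents of the real file as the second argument, for example `resolve_rule manuals.playstation.net "$(cat /etc/dnsmasq.conf)"`, and compare the answer with what ping reports.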
Install Apache web server
sudo apt-get install apache2 -y
Set the proper permissions for user pi
sudo chown -R pi:www-data /var/www
sudo chmod u+rxw,g+rx-w,o-rwx /var/www
sudo chmod g+s /var/www
Load Apache rewrite module:
sudo a2enmod rewrite
Add a redirect rule in the /var/www/html/.htaccess file:
nano /var/www/html/.htaccess
Place the following text in the file:
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} "PlayStation 4 5.05" [NC]
RewriteRule ^document/[a-z]{2}/ps4(.*)$ PiXploitHost/ps4/ps4_505_index.html [L,R]
RewriteCond %{HTTP_USER_AGENT} "PlayStation 4 4.55" [NC]
RewriteRule ^document/[a-z]{2}/ps4(.*)$ PiXploitHost/ps4/ps4_455_index.html [L,R]
Hit Control X to exit nano, followed by Y + enter to save the file.
Edit apache2.conf file to allow redirects:
sudo nano /etc/apache2/apache2.conf
Find the following text:
<Directory /var/www/>
...
</Directory>
Edit the entry so it looks like this:
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
Hit Control X to exit nano, followed by Y + enter to save the file.
Restart Apache to apply changes:
sudo service apache2 restart
You can check if Apache is working by accessing http://YOUR_PI_IP from a browser on any computer in your network.
Install PHP with the following command:
sudo apt-get install php libapache2-mod-php -y
Install git with the following command:
cd ~
sudo apt-get install -y git dialog
Clone the repo and exploit submodules:
git clone https://github.com/c0d3m4st4/PiXploitHost.git
cd PiXploitHost
git submodule init
git submodule update
Run these commands in PiXploitHost directory to move the needed files to Apache2 document root directory:
sudo chmod +x moveFiles.sh
./moveFiles.sh
cd ..
rm -rf PiXploitHost
Please, note this will move all files to the default Apache2 document root directory in /var/www/
If your document root points somewhere else, you will need to make the necessary changes in the script and server config.
- Disable automatic updates (Top menu - Settings - System - Automatic downloads - DISABLE ALL)
- Network configuration (Top menu - Settings - Network - Set up internet connection - Use cable (or WiFi if that's your case) - Custom - Manual IP address - Manual DNS settings - Primary DNS: YOUR_RASPBERRY_PI_STATIC_IP - Secondary DNS: 0.0.0.0 - Automatic MTU - Do not use proxy)
- And that's it. Now if you navigate to the user's guide (Top menu - Settings - User's guide), it should open your new host instead of the user guide, and you can easily run the exploits.
All icons made by Freepik (www.freepik.com) from www.flaticon.com
Exploits code